

Two Reasons Why the GDPR Matters Everywhere

The EU’s General Data Protection Regulation provides a framework and set of user-centered guidelines about data that may just align with your mission.

Have you noticed an uptick of emails from companies like Slack, Google, or PayPal, announcing new privacy policies and terms and conditions? Why the sudden onslaught of updates? The answer is easy. The companies sending these notices are changing their policies to meet the requirements of the European Union’s General Data Protection Regulation (EU GDPR or just GDPR), which will put powerful new enforcement mechanisms into place, starting on May 25, 2018.

If you’re a US resident, or working at a US nonprofit or foundation, you may wonder what, if anything, the GDPR has to do with you. Good question. There’s no simple answer for everyone outside the EU. But just as those companies (all of which are based in the United States) revisit their policies and practices because of the new law, it’s a good idea for you to do so, too.

First, the GDPR probably applies to you, whether you know it or not. It’s possible – depending on where your clients and donors live, where your data is stored, or where you provide services – that your organization is subject to fines for not following the new law. In this case, compliance is more than just a good idea; it’s required.

Second, the GDPR is a prompt for a worldwide checkup on safe, ethical, and effective data practices. Many of the GDPR’s provisions align with the data governance principles and responsible data practices that we at Digital Impact advocate for in civil society. Think of the GDPR as providing a framework and set of user-centered guidelines about data that may just align with your mission.

Many resources and consultancies are popping up to help organizations comply with the GDPR. Digital Impact is here to help you navigate through it. We’re on the lookout for credible, accessible, and affordable resources with particular resonance to nonprofits, foundations, and civil society. In the coming months, with help from our community, we’ll be curating new content, holding conversations about data governance and GDPR, and fostering discussion here at Digital Impact.

Check out our starting list of GDPR resources, send us others that you’ve found, and join the community in conversation. Want to share your view on the GDPR with the world? Become a contributor. And if there are topics, tools, or templates you need but can’t find, let us know. Maybe the Digital Impact community can help.


  1. Rachel Rank says:

    Hi Lucy,

    It’s good to see other organisations looking at this from outside of the EU, especially from a non-profit angle. As you say, it’s a useful exercise for checking on safe and ethical data practices.

    The UK Information Commissioner’s Office (ICO) has issued some useful guidance that you might want to add to your resource list:

    We’re also developing some guidance for the grant makers that are sharing their data openly with us in the 360Giving Standard. We’ll make sure it’s available publicly so others can benefit from it too.

  2. Rachel
    Thanks! We’d love to see/share the 360GivingStandard guidance – let us know when it goes live. And we’ll add on this ICO guidance as well.
